Watch Out! Calm Patch Tuesday Includes Sleeper Vulnerability

Vulnerability only listed as important, not critical, by vendor, but could have huge impact

ALISO VIEJO, Calif. - GeorgiaChron -- Verismic, a global leader in cloud-based IT management and security technology, has released its latest Patch Tuesday assessment. The October 2019 Patch Tuesday from Microsoft only includes 59 updates, much less than last month's release of 80 updates. However, this doesn't mean IT departments should be complacent, here are still nine updates listed as critical and 49 listed as important.

CVE-2019-1367, originally released as an out of band security update last month, has been re-released and is actively being weaponized. Following several misguided attempts to re-assure customers, Microsoft released it to WSUS on October 7th and have released it again on the 8th. They also noted the updated patch addresses some 'quality issues' in the first versions. Customers of Cloud Management Suite had all versions available to them, including the uninstalls.

Robert Brown, Director of Services at Verismic noted, "Our customers can be confident that when they use Cloud Management Suite, our expert onboarding team helps implement a successful patching strategy tailored to the customers environment, including the ability to roll back problematic updates."

CVE-2019-1311 is only marked as Important, but we believe this could have a huge impact if not addressed. It carries a CVSS score of 7.8 and, if exposed, could allow a sophisticated attack using the same credentials as the victim. What makes this ultra-important for IT departments, is that in order to exploit the vulnerability, an attacker would only have to convince a user to open a specially crafted .WIM file. If you are concerned about moving to newer versions of Windows 10 and being vulnerable to the same attack, we recommend this update be prioritized.

Verismic Software Inc. is a global industry leader providing cloud-based IT management and security technology focused on enabling greater efficiency, cost-savings and security control for users, all while engaging in endpoint management. Headquartered in Aliso Viejo, Calif., Verismic is a growing and dynamic organization with offices in four countries and 12 partners in nine countries. Verismic works with companies ranging from 50 to 10,000 endpoints delivering a variety of solutions. Verismic's software portfolio includes the first-of-its-kind agentless, Cloud Management Suite (CMS); For more information, visit www.cloudmanagementsuite.com.